SECUNIA ADVISORY ID: SA35125
VERIFY ADVISORY: http://secunia.com/advisories/35125/
Critical: Moderately Critical
DESCRIPTION: A vulnerability has been reported in PHP Dir Submit, which can be exploited by malicious people to conduct SQL injection attacks.
Input passed via the username and password when logging in to the administrator panel is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
SOLUTION: Restrict access to the administrator panel (e.g. via ".htaccess").
PROVIDED AND/OR DISCOVERED BY: Snakespc
ORIGINAL ADVISORY: http://milw0rm.com/exploits/8710